The latest info from my own investigations is after this background
information...

> 
> Ed Stevens wrote:
> >
> > > I would like to know how to start tcpdump 3.6 listening on all
> > > interfaces such that the name of the interface is printed on each line
> > > of output.
> > > In tcpdump 3.4, this is easy: just start up without specifying an
> > > interface.  I expected that starting 3.6 with the 'any' interface
> > > specified would do the same thing, but it doesn't.  I really need to be
> > > able to listen to all interfaces, AND to know which interface each
> > > packet belongs to.
> > >
> >
> > Here's an added note: I downloaded and built tcpdump 3.4.19, and I don't
> > see the device names on output there either.  Is this a compile-time
> > option?  Or should I be looking at an earlier version, say, 3.4.1?
> 
> I tried 3.4.5; same deal.
> 
> Here is the output of the tcpdump 3.4 binary from the Red Hat Linux RPM:
> 
> [root@myhost sbin]# ./tcpdump arp
> Kernel filter, protocol ALL, datagram packet socket
> tcpdump: listening on all devices
> 19:05:44.442858 eth0 B arp who-has 10.10.0.1 tell 10.10.3.234
> 19:05:46.684144 eth0 B arp who-has 10.10.3.160 tell 10.10.0.215
> 19:05:46.684911 eth0 B arp who-has 10.10.3.236 tell 10.10.0.215
> 
> ...etc...
> 
> After the timestamp there is the device name, and a B (for broadcast, I
> assume).
> The device name is what I need... but there are no #ifdefs in the code
> to account for the difference.  I need to be able to build, from the
> source code, a version that will "listen on all devices" as above and
> print out the device name as well.
> Any ideas on how this was done with a single instance of tcpdump?
 
The code that I needed is in the tcpdump-3.4-19.src.rpm from Red Hat, in
the form of a number of patches to libpcap and tcpdump.  This is why I
didn't see the output formatted as above when I built from the source
files; I had not also applied the patches.  (Running 'rpm --rebuild
tcpdump-3.4-19.src.rpm' creates an RPM containing a build of tcpdump
with all patches included, but also deletes the patched source when it's
done.)

Now I need to find out if there are patches that I can apply to tcpdump
3.6 and libpcap 0.6 in order to get the same behaviour.  (With the
libpcap patch, the pcap_pkthdr structure is expanded to carry the
interface index, protocol and packet type.) I'll submit this question as
a new message.

-- 
Ed Stevens
Senior Software Designer, Atreus Systems Corporation
(613) 233-1741 x226
http://www.atreus-systems.com
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:[EMAIL PROTECTED]?body=unsubscribe
